NexusIQ Unable to Scan SBOM


We’ve been using Nexus IQ in our pipelines to read an SBOM generated via CycloneDX to create reports for vulnerabilities. It seems that the newer Sonatype IQ Server release (168) has broken our SBOM scanning. We’re now getting the following error, even when I use the GUI and “evaluate a file”:

“An error occurred loading data. An error occurred, and the application you uploaded has not been evaluated. Please contact your IT Administrator for troubleshooting options.”

I have verified that our SBOMs are in the correct CycloneDX format, and I even tried one of CycloneDX’s example BOMs, and it also failed. I tried both XML and JSON. It appears the issue happens when we have more than one component in the SBOM: if we have just one component, it works; with more than one, we get the error message. In the GUI, when evaluating a file, it happens on the 4/5th step, “Evaluating policy”. Is this happening to anyone else?

Hi @stervioo and welcome! This is a known issue that will be addressed in an upcoming release. Stay tuned!